Advanced Machine Learning and Deep Learning Techniques for Anomaly Detection in Industrial Control System
Abstract
The study extensively examines the evolution of Industrial Control Systems (ICS), with a focus on Programmable Logic Controllers (PLCs) within critical infrastructure, specifically mixing stations and heat treatment facilities. The research delves into the cybersecurity risks arising from the convergence of PLCs with information technology, transitioning from standalone systems to cloud integration. Noteworthy contributions from industry and academia underscore the pivotal role of machine learning and deep learning techniques in fortifying PLC-based system security. The article rigorously optimizes five classic machine learning algorithms and three deep learning algorithms, achieving an impressive accuracy of over 97%. Additionally, the proposed combined model attains over 99% accuracy on the Hardware-In-the-Loop-based Augmented ICS (HAI) and ICS-Flow datasets. The study's importance lies in its thorough analysis of security implications and practical optimization of advanced algorithms, promising effective detection and mitigation of cyber threats in PLC-based ICS environments. These insights offer a compelling perspective for industry and researchers, providing a nuanced understanding of cybersecurity dynamics in critical facilities. The optimized algorithms not only demonstrate remarkable threat detection accuracy but also signify a pivotal step in enhancing the cybersecurity resilience of essential infrastructure, serving as indispensable tools against emerging risks.
Keywords
Machine learning, anomaly detection, ICS, deep learning
Article Details

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.